Rockwell Automation’s Allen Bradley PowerFlex 525 AC drives are affected by a critical denial-of-service (DoS) vulnerability that allows hackers to take control of devices.
PowerFlex 525 AC drives are designed for controlling electrical motors. Unlike traditional drives, these devices offer advanced features, such as embedded Ethernet/IP communications and USB programming. Rockwell Automation says the product is ideal for conveyors, pumps, fans and mixers.
Nicolas Merle, a researcher at industrial cybersecurity firm Applied Risk, discovered that the PowerFlex 525 drive is affected by a serious DoS flaw that can be exploited to disrupt the configuration and control software associated with the device by sending it specially crafted UDP packets that cause the Common Industrial Protocol (CIP) network stack to crash.
Exploitation causes the software to disconnect from the device and locks legitimate users out, but an attacker can continue sending commands to the system. A hacker could, among other things, change the speed of the drive or send it start/stop commands, Merle told SecurityWeek.
The only way for victims to regain access to the device is to perform a power reset.
“The bug corrupts the CIP daemon in a way that some values returned by the devices are corrupted. It also prevents any new connection from being established with the device,” Merle explained. “One of the issues is that the control software used to interact with this device monitors all necessary values at all times and once the bug is exploited, the software receives an unexpected value and will try to restart the connection – effectively locking itself out.”
“An attacker, on the other hand, can write a simple script to initiate the connection and not close it. The commands can still be sent to the device in this state and the device will still execute them. In this way, as long as the attacker does not stop the connection, they can continue to send commands and request information. As soon as the connection is terminated, a cold reboot is required for the device to accept new connections,” the researcher added.
Applied Risk says it has uncovered the flaw in version 5.001 of the software, but believes older versions are likely affected as well. The firm says Rockwell Automation has developed a patch, but the vendor has yet to publish a security advisory.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.